It really makes me smile when people like Zhou take responsibility for their part and explain to the community on what happened so others will learn from this wisdom and bring good will back to this brand. It shows class and I hope this type of mature behavior spreads in this community, make it the best on the planet. I am proud to be a part of this and in my business venture coming online very soon, we are going to take the same level of communication and honest information.
Thank you.
Dalkore
Topic: A public apology to Donald, Patrick and Amir ("Intersango guys") (Read 8372 times)
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML
Expect Mass Leak
...
Also, the address starts with 1EML
Expect Mass Leak
It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."
LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM
Dope kilos? You bet. Everyone knows that. 5BTC sent, to golden dropbox travels value. Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.
haha. someone should write a script to translate these vanity acronyms.
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML
Expect Mass Leak
...
Also, the address starts with 1EML
Expect Mass Leak
It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."
LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM
Dope kilos? You bet. Everyone knows that. 5BTC sent, to golden dropbox travels value. Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML
Expect Mass Leak
...
Also, the address starts with 1EML
Expect Mass Leak
It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."
LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML
Expect Mass Leak
...
Also, the address starts with 1EML
Expect Mass Leak
It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."
Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.
So we're still in this stage, aren't we.
On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.
Still more funny, try to convince a "conventional" finnancial institution you're working with to use something simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....
Oh, I see, well that's a bit different then. I didn't have a chance to follow all the messages in these threads, but from the sound of it, someone inadvertently sent their hosting control panel password through an email server that was later compromised and gave someone access to the control panel? I'll use this as a case in point in the future the next time someone dismisses the risk of sending sensitive information in the clear over email. On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.
I am pretty sure Rackspace does not send passwords over emails - just the password reset link to the list of authorized emails on the account. They also use opportunistic TLS so if the recipient email server supports TLS the in-flight data will be encrypted.
However, in this particular case it didn't matter because it appears that one of the authorized email addresses was hosted on a compromised server.
...
Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.
+1Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.
This part of the situation make me cry.
On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.
Still more funny, try to convince a "conventional" finnancial institution you're working with to use something simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....
If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.
From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it something you really want to be proud of!
The "I'm leaving Bitcoin" has nothing to do with Bitcoinica hack. I'm still here, but I'm not doing other Bitcoin business any more.
I was the main operator before Bitcoinica joins forces with Intersango. After that, neither the investor nor I possesses full decision power. Intersango guys took over the management entirely. Even my position in PR was not fully recognized.
I did suggest some ideas internally, but I shouldn't have criticized them for different ways of doing things (even though I disagreed).
They are working very hard, but at the same time, I have nothing to update either.
I see. Thanks for the clarification.
Edit: Looks like the whole Bitcoinica thing is going through a lot of growing pains. Glad to see you are still helping out 'till they are running smoothly again.
If they truly make good on all lost coins and do their best to compensate everyone they will definitely earn all of my trust and respect back.
However, the PR during the initial days was a fiasco and is still not where it should be.
Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.
Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise put their relationship on hold until Bitcoinica sorts everything out first. If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess. At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.
It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.
Patrick - compromised email server.
Me - improper access control.
Bitcoin Consultancy has fully taken over the management and the relationship is final. However, during the transition period, the access control is not defined properly and resulted in this problem. I have no knowledge of an insecure email server but I assigned admin rights to its user.
It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.
Patrick - compromised email server.
Me - improper access control.
Patrick - compromised email server.
Me - improper access control.
I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.
Zouthong didn't say anything new recently. He just repeated again what is publickly known allready.
Unfortunately there seem to be a lot of folks hanging out here, which aren't able to read (but insist in spreading their guesses and opinions very loud.). This whole situation is also embarrasing for us, as a community. Bottom line is we're behaving as if we where a bunch of barely 17 year olds.
I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.
Doesn't look like any more information than was already available. 
I have violated my promise (of "not to post anything [about Bitcoinica]") yesterday, by posting this in the emergency announcement thread:
It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.
Patrick - compromised email server.
Me - improper access control.
Patrick - compromised email server.
Me - improper access control.
I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.
Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise put their relationship on hold until Bitcoinica sorts everything out first. If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess. At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.
It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.
Patrick - compromised email server.
Me - improper access control.
Bitcoin Consultancy has fully taken over the management and the relationship is final. However, during the transition period, the access control is not defined properly and resulted in this problem. I have no knowledge of an insecure email server but I assigned admin rights to its user.
If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.
From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it something you really want to be proud of!
The "I'm leaving Bitcoin" has nothing to do with Bitcoinica hack. I'm still here, but I'm not doing other Bitcoin business any more.
I was the main operator before Bitcoinica joins forces with Intersango. After that, neither the investor nor I possesses full decision power. Intersango guys took over the management entirely. Even my position in PR was not fully recognized.
I did suggest some ideas internally, but I shouldn't have criticized them for different ways of doing things (even though I disagreed).
They are working very hard, but at the same time, I have nothing to update either.
Apparently, Zhou Tong, wich had access to the server "temp" folder holding the session data, didn't knew how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.
One way or the other, their fault, and I don't mean Rackspace
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, creeate backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.
One way or the other, their fault, and I don't mean Rackspace
blah blah blah... Stop kissing Zhou tongs ass, dude.
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
Now obviously, using cloud services in this manner was not a good idea, and there should have been some actual dedicated hardware in use, in a locked cage, "blah blah blah", but it's too late for that now.
It seems you are the one not to understand how things work. Not even going to argue this with you. It's really not worth it lol
I still want Zhou Tong to tell me how much did he pay Rackspace for a FULLY managed server...
For people who understand 1 word is more than enough. You're not such a person, rjk...
We used cloud services and what rjk just described is right...
If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.
From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it something you really want to be proud of!
One of the things I've admired most about Zhou Tong's work is that he seems to make good estimates of fair dispute resolution, then further errors on the customers side even when it costs him personally. If the new owners to not share this mode of operation, being a 'team player' could make ZT a lot of things but I could certainly understand if 'proud' was not one of them.
claim page doesnt work for me I click submit and nothing happens
Jump to: